The Nation's #1 Independent Veterans Web Site
                                                   Click here to make VA Watchdog dot Org your homepage


                  VA NEWS FLASH from Larry Scott at VA Watchdog dot Org -- 03-04-2008 #2		  






 


 
 

 



VA Watchdog Stuff
cups, hats, shirts
click here to
support the site





Be sure to get all five
VA Watchdog dot Org
RSS feeds --
Daily VA
News Flashes
 House CVA
Veterans' News
 Senate CVA
Veterans' News
 VA Press
Releases
 VSO Press
Releases

 


Download your
free copy of the
2007 VA benefits
handbook here...

 

 

 

Printer-Friendly Version




THIS TIME A STOLEN VA LAPTOP IS CAUGHT IN THE SAFETY

NET -- Department's mobile data security policies and

practices prevented information breach.

 

 

For a complete look at VA data loss stories, go to this page...
http://www.vawatchdog.org/va%20data%20theft%20news.htm

Story here... http://www.fcw.com/online/news/151810-1.html

Story below:

-------------------------

Stolen VA laptop caught in safety net

Department’s mobile data security policies and practices prevented information breach

By Mary Mosquera



The Veterans Affairs Department lost another laptop PC, but the department was better prepared this time.

When an employee at VA’s Austin Corporate Data Center in Texas had his laptop stolen from his apartment last month, the department’s revamped security policies and new security technologies were put to the test. Unlike what happened when a VA laptop was stolen in 2006, data on the newly missing laptop was protected by encryption, and VA officials knew exactly what equipment was missing.

Article continues below:

                   (use left/right arrows in screen to view more videos)
Watch the latest videos on YouTube.com

“The safety net held,” said Adair Martinez, VA’s deputy assistant secretary for information protection and risk management. “Even though it can be hard to carry out some of the controls we require, the reward is that government information can’t be violated.”

In May 2006, when another employee had a laptop stolen that contained millions of veterans’ records, VA quickly established new policies, procedures and technology fixes to tighten data security. Experts say this latest VA incident shows that the department learned from its experience.

VA protected the laptop with GuardianEdge full-disk encryption. No one lacking proper authentication could do more than turn on the computer. The encryption software would block unauthorized users from accessing the data, Martinez said.

In the latest incident, the employee immediately reported the theft to VA and the Austin police department. Because VA followed information technology security policies and procedures, officials could determine that no sensitive data resided on the laptop.

VA had maintained its asset management inventory processes, so officials knew what equipment was missing. Employees are required to bring their laptops into their office’s IT shop at least every 30 days to receive software updates. Technicians upgrade Microsoft Windows, antivirus, intrusion-detection and encryption software during those updates, Martinez said.

On the evening of the theft, Austin police recovered the laptop in a raid on a convenience store suspected of involvement in drug activity. Police noticed the VA insignia flashing on a laptop running in the back of the store. Believing it might be stolen government property, the police took possession of it and notified the Homeland Security Department, which contacted VA and returned it. The only damage was a broken lock. The employee whose laptop was stolen had permission to bring the laptop home, where he had locked it down to furniture.

After the 2006 incident, OMB directed agencies to encrypt mobile data, implement a timeout function that requires reauthentication, and establish policies for logging computer-readable extracts from databases holding sensitive information.

“Agencies are encrypting all data — data at rest, data that is mobile,” said Karen Evans, OMB’s administrator for e-government and IT. “We also are using two-factor authentication, which makes sure only authorized people are on your network.”

Data security policies and procedures are needed, but encrypting the data is what protected VA, said Alan Paller, research director at the SANS Institute. VA should be commended for having accomplished that, he said. “Encrypting data is the only defense against attacks right now.”

-------------------------

posted by Larry Scott
Founder and Editor
VA Watchdog dot Org

Don't forget to read all of today's VA News Flashes (click here)

Click here to make VA Watchdog dot Org your homepage

email Larry

Send this page to a friend:    

(go back to VA Watchdog dot Org Home Page)




 

Has Uncle Sam turned his back
on your request
for VA benefits?

 Contact LEGAL HELP FOR VETERANS for assistance with the benefits you deserve.
click for more info


       
Military Medical Malpractice 
Legal Network               

 

 



 VA Watchdog Stuff
cups, hats, shirts
click here to
support the site







 

 

   
Google
 
Web www.vawatchdog.org


FAIR USE NOTICE: This site contains copyrighted material the use of which has not always been specifically authorized by the copyright owner. We are making such materials available in an effort to advance understanding of veterans' issues. We believe this constitutes a 'fair use' of any such copyrighted material as provided for in section 107 of the US Copyright Law. In accordance with Title 17 U.S.C. Section 107, the material on this site is distributed without profit to those who have expressed an interest in receiving the included information for educational purposes. For more information go to: http://www.law.cornell.edu/uscode/17/107.shtml   If you wish to use copyrighted material from this site for purposes of your own that go beyond 'fair use', you must obtain permission from the copyright owner.